nix-config/hosts/hypnos/default.nix
Jordan Holt 19d322f406
hosts/hypnos: rebuild
2026-01-11 21:42:55 +00:00


# NixOS module for the host `hypnos`: boot and disk unlock ordering, networkd
# and resolved settings, firewall, root SSH access, and pinned system IDs.
{
  inputs,
  lib,
  pkgs,
  ...
}:
let
  inherit (lib) mkForce;
in
{
  imports = [
    inputs.disko.nixosModules.disko
    ./hardware-configuration.nix
    ./disko-config.nix
    ../desktop.nix
    ../../modules/nixos/deterministic-ids.nix
    ../../users/jordan
  ];

  nixpkgs.hostPlatform = "x86_64-linux";

  # Security exception: nixpkgs refuses to evaluate packages it marks insecure
  # unless they are allow-listed by exact name-version. The entry only matches
  # this one version string, so the exception has to be re-approved whenever
  # the package version changes.
  # NOTE(review): the trailing "6.12.63" looks like a kernel version - confirm.
  nixpkgs.config.permittedInsecurePackages = [
    "broadcom-sta-6.30.223.271-59-6.12.63"
  ];

  # Public half of the SSH host key; presumably read by agenix-rekey to encrypt
  # secrets for this host - confirm against the module that defines age.rekey.
  age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;

  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;

    initrd.systemd = {
      enable = true;
      # Ship cryptsetup in the initrd and order the rpool import after
      # cryptsetup.target, so the pool is imported only once encrypted devices
      # have been set up.
      # NOTE(review): presumably rpool sits on LUKS devices declared in
      # disko-config.nix - confirm.
      extraBin.cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
      services."zfs-import-rpool".after = [ "cryptsetup.target" ];
    };

    # /tmp lives on tmpfs, so its contents do not survive a reboot.
    tmp.useTmpfs = true;
  };

  console.earlySetup = true;

  # systemd-networkd manages the interfaces; dhcpcd is off and boot does not
  # block on wait-online.
  systemd.network = {
    enable = true;
    wait-online.enable = false;
  };

  networking = {
    hostId = "cf791898";
    useNetworkd = true;
    dhcpcd.enable = false;

    # Inbound exposure declared in this file is TCP 22 only. Imported modules
    # can append further ports, so the effective list is the merged value.
    firewall = {
      enable = true;
      allowedTCPPorts = [
        22 # SSH
      ];
    };
  };

  services = {
    resolved = {
      enable = true;
      # DNSSEC validation is off: resolved does not verify signatures on
      # answers, so integrity rests on the upstream resolver and the network
      # path. NOTE(review): "allow-downgrade" is the intermediate setting if
      # full validation breaks on some networks.
      dnssec = "false";
      # Used when no other DNS server is known. These are the Quad9 and
      # Cloudflare public resolvers, so fallback queries go to third parties.
      fallbackDns = [
        "9.9.9.9"
        "2620:fe::fe"
        "1.1.1.1"
        "2606:4700:4700::1111"
      ];
      # LLMNR and mDNS are both disabled, which removes link-local name
      # resolution that any host on the same segment could answer.
      llmnr = "false";
      extraConfig = ''
        MulticastDNS=false
      '';
    };

    # Root may log in over SSH, but not with a password. mkForce overrides any
    # value set by other modules. With port 22 open above, the root
    # authorized key below is, as far as this file shows, what gates remote
    # root access.
    # NOTE(review): confirm direct root login is needed rather than a
    # sudo-capable user.
    openssh.settings.PermitRootLogin = mkForce "prohibit-password";
  };

  environment = {
    # Workaround for a label rendering bug in GTK4 with the nvidia 470 driver.
    sessionVariables.GSK_RENDERER = "gl";

    # Both persistence roots are forced on regardless of what other modules set.
    persistence = {
      "/persist".enable = mkForce true;
      "/state".enable = mkForce true;
    };
  };

  # Project option, forced off for this host.
  modules.system.desktop.gnome.enable = mkForce false;

  users = {
    # Holder of the matching private key can log in as root over SSH.
    users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
    ];

    # Each account gets the same number for uid and gid. The option comes from
    # the project's deterministic-ids module.
    # NOTE(review): presumably this keeps file ownership stable on persistent
    # storage across rebuilds - confirm against that module.
    deterministicIds =
      builtins.mapAttrs
        (_account: n: {
          uid = n;
          gid = n;
        })
        {
          systemd-oom = 999;
          systemd-coredump = 998;
          sshd = 997;
          nscd = 996;
          polkituser = 995;
          rtkit = 994;
          lpadmin = 993;
        };
  };

  system.stateVersion = "22.11";
}